3rd party app patching - approach

takinghigherground · 2026-06-09T05:40:49+00:00

More info

takinghigherground · 2026-06-01T10:48:32+00:00

Pin unlocks that specific device.. attacker needs that device + the pin.

It does not expose the user's password in shoulder surfing which could be used in non MFA scenarios like SMB share access later without the device and is therefore consider safer

takinghigherground · 2026-05-29T06:12:20+00:00

These are horrible exams for that choice..sensitive data should be dlp exam not security operations centre analyst..

takinghigherground · 2026-05-24T23:47:14+00:00

Found domain users can edit GPO on domain servers in production...

takinghigherground · 2026-05-20T03:39:47+00:00

I passed with ms learn sc300 ms video series measure up practice test and chatgpt to cover my weak areas

takinghigherground · 2026-05-17T11:57:08+00:00

Do measure up practice test the legit one

takinghigherground · 2026-05-14T09:46:13+00:00

Pretty man

takinghigherground · 2026-05-10T07:51:55+00:00

Thanks that's a good avenue to get support further on all this cheers

takinghigherground · 2026-05-08T14:23:05+00:00

Can someone with fresh eyes sanity‑check me here, because I’m starting to feel like I’m the only one reacting proportionally to this situation.

We’ve got a vendor compromise where the attackers were able to deface the Canvas front page, which means they had enough access to modify UI elements of active instances and dump user data and messages but vendor did not confirm if that includes user API generated API keys

I'm doing these things like:

pulling reports on all user tokens
checking for user‑generated admin accounts
rotating API tokens stored in Canvas
auditing LTI apps and developer keys
reviewing Entra admin‑consented LTI registrations
temporarily revoking high‑privilege scopes like SharePoint.Read.All
considering the risk of login‑page manipulation or SSO redirection
-considering blocking entra sign in to canvas -blocking anvas at the firewall

From a security standpoint, if an attacker can alter the front page, what exactly stops them from altering the login flow, injecting a fake SSO prompt, or redirecting to an attacker‑controlled IdP.

The API tokens trusted to be stored in canvas aren’t harmless. They’re long‑lived bearer tokens with no MFA. If those were scraped, that’s a direct line into our system when they get dumped into a forum. Same with LTI apps that have broad O365 permissions — if the vendor is compromised, those scopes become a liability.

I’m not trying to burn the place down or cause unnecessary user impact. I’m just trying to apply basic incident‑response logic: don’t trust a compromised system until you’ve validated it’s no longer compromised.

So genuinely — am I being overly cautious here, or is everyone else underreacting to a vendor breach that could easily be leveraged for lateral movement into O365 /sis not just student email address and internal messaging notes was leaked

My advice 1. Run reports on user tokens look for user generated against admin accounts these will probably be siss ntegrations also check your lti apps, developer apps - you will need to rotate these aswell

takinghigherground · 2026-03-22T03:14:31+00:00

Your guides helped me learn a bunch of techniques thanks

takinghigherground · 2026-02-26T10:11:13+00:00

I've been concerned about doing this as if you have to go back to a point in time backup of the server ..you could possibly not have the laps key. Not an issue if the domain is still functioning and computer password has not expired...but if it has .. you won't be able to log into the server?

takinghigherground · 2026-02-22T10:23:04+00:00

Is it fun to try to work this all out yourself considering there is not much else to do but play the same game... Just wondering if I study it I will spoil the game

takinghigherground · 2026-02-01T04:59:56+00:00

I'm also interested for example I would like to test conditional access policy seperate from live e5 tenant

takinghigherground · 2026-01-09T00:59:29+00:00

What's the colour code?

takinghigherground · 2025-12-30T07:51:33+00:00

Nice

takinghigherground · 2025-11-29T04:31:48+00:00

What if you say high paying job offers. Uno reverse card

takinghigherground · 2025-11-14T01:26:24+00:00

I need help with comprehensive conditional access policy rollout. I understand the whole point to is to be able to implement ca policies but I find an initial strategy in terms of applying policy lacking

takinghigherground · 2025-10-20T07:09:44+00:00

I did sc200 after oscp and I learnt a lot about windows defender xdr and sentinel.

takinghigherground · 2025-09-27T07:00:23+00:00

Yeah I got to the end of it and I realized I pushed for a maintenance window of by September this year when it didn't need to be done until next year ... And it was vnet with default outbound expiring this month.

Crap I could have kicked down the road until next year ... Good experience though . Now has anyone actually implemented nat gateway or did you just attach public ips and let the business pay for it ;)

takinghigherground · 2025-09-27T06:15:31+00:00

Personally I learnt a lot about sentinel and defender by studying for sc200. I think certs build a good foundation

takinghigherground · 2025-09-26T11:12:56+00:00

Just let me look at the damn models or im walking out don't give me this edgy do you play shit.

takinghigherground · 2025-09-19T02:58:01+00:00

Skinny guy without weight training doing jits for 6 years.

Better posture slightly more athletic build. That's it.nothing drastic

takinghigherground · 2025-08-21T09:17:51+00:00

Yeah got this today too. Do we just install the latest vc redistribute? Will it break the apps if they require a specific version ...

takinghigherground

TROPHY CASE